From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 16 Apr 2025 19:18:30 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f189.google.com (mail-lj1-f189.google.com [209.85.208.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 53GHITfU011420 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 Apr 2025 19:18:30 +0200 Received: by mail-lj1-f189.google.com with SMTP id 38308e7fff4ca-30bfd1faeeasf34628011fa.1 for ; Wed, 16 Apr 2025 10:18:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1744823904; cv=pass; d=google.com; s=arc-20240605; b=PCiQRMukxl/zIH9mKZ0CSM5541od9nyQPzKAj6saTwwpt/SQQzQArgEzoIpFS4GklX ZM4dTdmTJZvrs6JzgEsVjqXRYVaA0SB9dhLnHKx+aUBzgXdcCUIOnI8dJiizcop0elm4 5q5wFBvg/ZoZ4iq1ck56wKbSLzgtibWW2bnV6yqkYef43AV6AfS4QcOvF7r7hnqyHzsT 7J6si0QjpbMOz6XZ0B/07fxb+waGhHVtFBTLl2wAItFSRqNhfcXxse+CRwnrWpj/JlTH 7FE3/lGCYour9hmiJCt8LddDKv9AsywOurJlDeTKe9ViNI6Vow3Gxm4VYndIXDmaBDar vUkw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=; fh=BhRRANfm5cZ1fYbd1aFZRVjmKRblEELKNXep3iQyVSU=; b=cg0h5qpHTCAIeoDjsdZSynbkiIehqkrF1hqksAH3hMToPwoN7v6HXOCyeJ6epLxgzo mtgFKKf0SYv6Z9sw5npnVKiuPd+jJOypG41bek286C6CBWGGXSM3lL+hydUMhxBEzovc I3N3SvtWFQQuFDrqLMzctHpwZRlq+zFfoCh59lH0nsoTu5B3iml5l1g6+TEHscEChe4Z JYuJvylBJSH9s7xo+oQh7EUTUQWQzhVYafjHVP0ROuDgvLrQkkB8gpz/8GAc/gMYLtKZ oVeh6QOwSIipZRiFok/C7801/q+YyDBPQIbby1W0D1XeJl1a4Z9wJw70FwqFPdQKyIYp dLQA==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF; spf=pass (google.com: domain of fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1744823904; x=1745428704; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=; b=JRAC2R4Py7a/AtKKVl3pbmer2nBryu3cClpuOBYSnGt5UQXPzbTQZoJvtpbc25/vdG sCdpzgml5AhvFlt/dr5KcpqjC8lHzCseGYSX/cQqk6IfQj+VCABWadCM5QdmS2v/AhIi UON3lisgtNTK3yeD5bToJaIzw069VZ6TBPA8k0F12O5wiNp1d1ZPIaj+TheLQXB2Wan9 G69KwU4oRHcxu5FJa46NtjiQz0+fYuYBROnAV0+1DZQxxipRpcdBdpXk8ybqDVVBs7sV q9+pLf4ai6BppWDqLvIU8XUSXwPg7/FwY6CSl/6CJPazOsAmkdJK92DF2TfShds+IJA9 Rtkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744823904; x=1745428704; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=AGSrXGmlyhi/LqPKYH/RRQ6uwkRavFpFdOUV+eooX3Y=; b=bOAXgaMpyHvwQcUAZmxBJpA4g/oF0B4/QJn+b9+fR6r+7IrJuHcfvJm21JY1s6cUeD 5nk4MjzJcO8GSOe/QzavVgvGB1bA2xkcayDj/u72Lz9LIsWl6YI+RM+1mYpAuAtPeL5I AupYK2dOrBZXzAl5pSGXUYQjJwf+oA51BEL+STNkARB7OcfHwD1GtfFqe47ynZFn3lC7 k3b3jehKZutx+G/H0j6LLjdtd0KNsfK1k/T9sJE1zhHMm7G05BeRIft9syEaEFdeqoMA wr/1LpG0mx2zOj8at+YxAPsUYcGwFShLOlr0BOTZILbhWvvSrMPHSlMDCUizdbX1LSNW bEBg== X-Forwarded-Encrypted: i=2; AJvYcCW5t4ZcfoVO5oZhLP7g+2yJ9hoEQj3hCMACLeWFiUHmeVek3S2wq7Ooz3SnU6VYwrlQn/4K@ilbers.de X-Gm-Message-State: AOJu0Yys1JYrLfgANol7wmxLGirAHnKOu1vaWydE/jBYZnORS80t+iEf CrTKUBteojEalG0lh8yo3JYyHFfIcqjbCX78TjHU2f7T+vaVmk8N X-Google-Smtp-Source: AGHT+IFsOyOKvzhmOo3oBYo2NE2h8jnPLLuKYOYRrkk3LlrMM5Fh8AVhPyGEST5eVcbCWdzaylwv7w== X-Received: by 2002:a2e:a814:0:b0:30b:c9cb:47e5 with SMTP id 38308e7fff4ca-3107f68c361mr13216741fa.8.1744823902450; Wed, 16 Apr 2025 10:18:22 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARLLPALo73i7FokU0qIaCGgnmVW9v8YRbpkE8naaqFUeldKdUw== Received: by 2002:a2e:bccc:0:b0:30b:fc92:55c1 with SMTP id 38308e7fff4ca-310850bbac9ls489651fa.0.-pod-prod-06-eu; Wed, 16 Apr 2025 10:18:20 -0700 (PDT) X-Received: by 2002:a05:651c:158c:b0:30c:189d:a169 with SMTP id 38308e7fff4ca-3107f719c28mr11815761fa.25.1744823899904; Wed, 16 Apr 2025 10:18:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1744823899; cv=none; d=google.com; s=arc-20240605; b=bls9jjVfzOyeJK3PCcF8zxtKOWpnRk+XeuDhB71zaJ9T6eU4pPIph6qqORPjCc9Dra VpwgEHZ+M5e8T531iNkRsyh90vGN0wai9tYGkBQdt4yiG4QJNdY/vSEn7jyjaFry1I5y JOZxdI1qb9cfZ/Hi5o/Kt/UM72wxHxQ5glz2bXP/ZrYeoBDKbKZVnhwFeXuptFhBcRGJ yaMWhGXupuVV9pZ6DMq8wJ3TtaPXyCm1ZIZTuN5fPhef+oqa2JbKuNeIokBUQsRqfnHr BLDRLPLRqSvazGPlZhbRQ5YudxnBxLyb1+ZMkFVcXe68Ja42mCiDQw9YuL2e+52H/DoT d+Wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=uwVBIC7iYyDpohzWuuBgLJbHfLOv9ixoc5hQwgmIjD8=; fh=7H56SyJ75bwGZUIqRCOBd3K5XpBD2YtSSm9HZ9E1Jq8=; b=N/w5G4YP67Hca76XOoA+XhDRk/jtzyt9VvsWRgpsHNlAsR/uiwAUSYodU1SvjvCUuE uhgIReDme5DRMRiAtAANGV/Olod5uHO+tbXSV7/Uf+C0ymJFcgz84gJUl7uoOK1iC6Xn vAnuoFa7U6NWJnHaq+oXPLK22fmBjCYPZmC9Wu6WaRzL8JJdrj2Dkyj7erwNvbib0VA2 s9ta8YKYpq0M+IJ/SPEhNZdpX3NA9+ZvIoSggVXVy8zmNZdLaJD5hdOlRS2f12I2G7HJ 0WE2siJKvYve/8Isj+7/1uX3H089RGBz4ntgje17XXOjsM8HPvXc48byXtnYgiG2kS7p 4o6g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF; spf=pass (google.com: domain of fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-30f464c97e3si1117871fa.1.2025.04.16.10.18.19 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Apr 2025 10:18:19 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20250416171819762400a43abce5bbdc for ; Wed, 16 Apr 2025 19:18:19 +0200 From: "'Gokhan Cetin' via isar-users" To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com, jan.kiszka@siemens.com Subject: [PATCH v2 5/5] doc/user_manual: describe module signer and certificate provider configuration Date: Wed, 16 Apr 2025 19:17:09 +0200 Message-Id: <20250416171709.742191-6-gokhan.cetin@siemens.com> In-Reply-To: <20250416171709.742191-1-gokhan.cetin@siemens.com> References: <20250416171709.742191-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328731:519-21489:flowmailer X-Original-Sender: gokhan.cetin@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=YBJO5kRF; spf=pass (google.com: domain of fm-1328731-20250416171819762400a43abce5bbdc-2srwtn@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328731-20250416171819762400a43abce5bbdc-2SRwtn@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Gokhan Cetin Reply-To: Gokhan Cetin Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: XHjNY/moqkjp Mentions how `KERNEL_MODULE_SIGNATURES` can be used and how to manage the dependencies. Signed-off-by: Gokhan Cetin --- doc/user_manual.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/user_manual.md b/doc/user_manual.md index d8e5c33e..627dacb7 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -1162,9 +1162,17 @@ To provide a signer script that implements your custom signing solution, `SIGNAT can be set for the script path within the module recipe together with `SIGNATURE_CERTFILE` to define the public certificate path of the signer. +In order to choose between different signing solutions, signer recipes should provide the `module-signer` +target and package while certificate provider recipes should provide the `secure-boot-secrets` as target and package +to meet build dependencies. This way, desired signers and certificates can be configured using `PREFERRED_PROVIDER`. + Please see how `module-signer-example` hook generates a detached signature for the kernel module implemented in `example-module-signedwith` recipe. +You can enable build-wide kernel module signing by defining `KERNEL_MODULE_SIGNATURES = "1"` globally, +in this case, `pkg.signwith` build profile is added by default in addition to +`module-signer` and `secure-boot-secrets` target and package dependencies to the kernel module recipes. + ### Cross Support for Imagers If `ISAR_CROSS_COMPILE = "1"`, the imager and optional compression tasks -- 2.39.2 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250416171709.742191-6-gokhan.cetin%40siemens.com.